Agenda:
1. Cookie and privacy concerns
2. Advertisers analyse cookies, sometimes (on Ad Networks)
3. Surprise Class activity and Q&A speaker (7PM-7.45PM)
Life of a Cookie
• In 2016, the cookie turned twenty
• It may have crumbled too.
• A proper specification for a cookie – with some safeguards – came only in 2011
• Purpose of cookies:
• Session Management
• Personalization
• Tracking
• Possibility of malicious posts via your SM account if someone gets your cookie
• By mimicking a person’s cookie over the same network, a hacker can access sites and perform malicious actions. Depending
on the sites accessed while the hacker is monitoring the network, this could be anything from making false posts in that
individual’s name to transferring money out of a bank account.
• Therefore, access sites using the HTTPS protocol even for non-financial activity
• Cookie theft can be avoided by only logging in over SSL connections or employing the HTTPS protocol to encrypt the connection.
Otherwise, it is best not to access sites over unsecured networks.
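Added example (not from the original slides): a small JavaScript check of Set-Cookie headers for the Secure and HttpOnly attributes of the cookie specification, the safeguards that keep a session cookie off unencrypted connections and out of reach of page scripts. The header values and function names are constructed for illustration.

```javascript
// Added example: audit Set-Cookie header values for the attributes that
// keep a session cookie off plain-HTTP connections and away from scripts.

function parseSetCookie(headerValue) {
  const parts = headerValue.split(";").map((p) => p.trim()).filter(Boolean);
  const [nameValue = "", ...attrs] = parts;
  const eq = nameValue.indexOf("=");
  const cookie = {
    name: eq === -1 ? "" : nameValue.slice(0, eq),
    value: eq === -1 ? nameValue : nameValue.slice(eq + 1),
    attributes: {},
  };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    // Attribute names are case-insensitive; flags such as Secure have no value.
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    cookie.attributes[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return cookie;
}

function auditCookie(headerValue) {
  const c = parseSetCookie(headerValue);
  const findings = [];
  if (!c.attributes.secure) {
    findings.push("no Secure: browser will also send it over unencrypted HTTP");
  }
  if (!c.attributes.httponly) {
    findings.push("no HttpOnly: page scripts can read it via document.cookie");
  }
  return { name: c.name, findings };
}

// Constructed sample headers, not captured traffic.
const SAMPLE_HEADERS = [
  "sessionid=abc123; Path=/",
  "sessionid=abc123; Path=/; Secure; HttpOnly",
  "prefs=dark; Path=/; secure",
];

function auditAll(headers) {
  return headers.map(auditCookie);
}

for (const r of auditAll(SAMPLE_HEADERS)) {
  console.log(r.name, r.findings.length ? r.findings : "ok");
}
```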
3rd Party Cookies and the issues with them
• The 3rd party here is an advertising company or engagement vendor
• A third-party cookie is one that is placed on a user's hard disk by a Web site from a domain other than the one a user is visiting. ... Blocking third-party cookies does not create
login issues on websites (which can be an issue after blocking first-party cookies) and may result in seeing fewer ads on the Internet.
• ‘Same Origin Policy’ can be turned on in many browsers
• The same-origin policy is an important concept in the web application security model. Under the policy, a web browser permits scripts contained in a first web page to access data
in a second web page, but only if both web pages have the same origin.
• An origin is defined as a combination of URI scheme, host name, and port number. This policy prevents a malicious script on one page from obtaining access to sensitive data on
another web page through that page's Document Object Model.
• It is very important to remember that the same-origin policy applies only to scripts. This means that resources such as images, CSS, and dynamically-loaded scripts, can be accessed
across origins via the corresponding HTML tags.
• Interest-based Advertising or Online Behavioural Advertising
• Online advertising is a marketing strategy that involves the use of the Internet as a medium to obtain website traffic and target and deliver marketing messages to the right
customers. Online advertising is geared toward defining markets through unique and useful applications.
• Examples of online advertising include banner ads, search engine results pages, social networking ads, email spam, online classified ads, pop-ups, contextual ads and spyware.
• Online behavioral advertising (aka "OBA") describes a broad set of activities companies engage in to collect information about your online activity (like webpages you visit) and use
it to show you ads or content they believe to be more relevant to you.
• These companies identify you by a random ID number and try to make guesses about your interests and characteristics based on your online activity. The data they retain could
include:
• Your inferred age group (e.g. 18-25)
• Your inferred gender (e.g. male)
• Your inferred purchase interests (e.g. shoes)
• To avoid ‘man-in-the-middle’ stealing a cookie:
• A MITM attack happens when a communication between two systems is intercepted by an outside entity. This can happen in any form of online communication, such as email, social media,
web surfing, etc. Not only are they trying to eavesdrop on your private conversations, they can also target all the information inside your devices.
• Cookie-based transfers may be encrypted, in many cases
• Subdomains and cookie-related invasions (2015)
• Cookies and their links to Social Networks, and why the most secure SN is already shuttered
• How Online Trackers and Social Networks are hand-in-glove, 2009
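Added example (not from the original slides): the same-origin definition given above (URI scheme, host name, port) applied to a few constructed URLs, reporting which component makes a request cross-origin. The function names and URLs are assumptions for illustration.

```javascript
// Added example: compare two URLs by the origin tuple the slide defines
// (URI scheme, host name, port number).

const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

function originTuple(urlString) {
  const u = new URL(urlString);
  return {
    scheme: u.protocol,
    host: u.hostname,
    // URL.port is "" when the scheme's default port is in use.
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

function compareOrigins(a, b) {
  const ta = originTuple(a);
  const tb = originTuple(b);
  const differs = ["scheme", "host", "port"].filter((k) => ta[k] !== tb[k]);
  return { sameOrigin: differs.length === 0, differs };
}

// Constructed sample URLs.
const PAGE = "https://shop.example.com/cart";
const SAMPLES = [
  "https://shop.example.com/account?id=7", // path and query are ignored
  "https://shop.example.com:443/api",      // explicit default port
  "http://shop.example.com/cart",          // scheme differs (and its default port)
  "https://ads.example.com/pixel",         // host differs (another subdomain)
  "https://shop.example.com:8443/admin",   // port differs
];

function classify(page, urls) {
  return urls.map((u) => ({ url: u, ...compareOrigins(page, u) }));
}

for (const r of classify(PAGE, SAMPLES)) {
  console.log(r.sameOrigin ? "same " : "cross", r.url, r.differs.join(","));
}
```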
Alternatives to Cookies
• Apple’s IDFA, used for (proposed) advertisement delivery vertical iAd
• iAd is recognized in a Harvard Law School blog about secure ‘AdTech’
• iAd is a discontinued mobile advertising platform developed by Apple Inc. for its iPhone, iPod Touch, and iPad line of mobile devices allowing third-party developers to
directly embed advertisements into their applications.
• IDFA is the abbreviation for identifier for advertisers on iPhones. An Apple IDFA is somewhat analogous to an advertising cookie, in that it enables an advertiser to
understand that a user of a particular phone has taken an action like a click or an app install
• The Identifier for Advertisers (known as the IDFA) is a random device identifier assigned by Apple to a user’s device. Advertisers use this identifier to
track data so they can deliver customized advertising.
• The IDFA reveals no personal information. Instead, it’s used for tracking and identifying a user, which then allows advertisers to access aggregated
data which can be used to discover information – such as which in-app events they trigger.